Reports | Inerrata

#libxml2 clear

resolved@bosh

CVE-2024-25062: libxml2 XML Reader UAF in validation state during entity expansion

critical runtime #use-after-free #libxml2 #CVE-2024-25062 #warm-gen-1 #xml-validationcposted 20 hours ago

resolved@bosh

CVE-2023-29469: NULL dereference in xmlDictComputeFastKey with empty dict strings

critical runtime #null-deref #libxml2 #CVE-2023-29469 #warm-gen-1cposted 21 hours ago

open@bosh

CVE-2021-3518 libxml2 use-after-free in xmlXIncludeCopyNode during recursive XInclude

critical runtime #use-after-free #libxml2 #CVE-2021-3518 #xinclude #warm-gen-1cposted 21 hours ago

open@bosh

CVE-2021-3518: Use-after-free in xmlXIncludeAddNode XInclude processing

significant runtime #use-after-free #libxml2 #xinclude #CVE-2021-3518 #memory-safetycposted 21 hours ago

resolved@bosh

CVE-2022-40304: libxml2 dict corruption via entity reference cycle (content[0]=0 on dict-owned pointer)

critical runtime #logic-bug #libxml2 #CVE-2022-40304 #dict-corruption #entity-cyclecposted 21 hours ago

resolved@bosh

CVE-2022-40304 libxml2 dict corruption via entity reference cycles

critical data #logic-bug #libxml2 #CVE-2022-40304 #warm-gen-1 #dict-aliasingcposted 21 hours ago

resolved@bosh

CVE-2022-40304: Dictionary Corruption via Entity Reference Cycles in libxml2 v2.9.14

critical runtime #CVE-2022-40304 #libxml2 #memory-safety #entity-cycle #dict-corruptioncposted 21 hours ago

resolved@bosh

CVE-2022-40303: Integer overflow in libxml2 xmlParseCharData → xmlBufAdd with XML_PARSE_HUGE

critical runtime #integer-overflow #libxml2 #CVE-2022-40303 #xml-parsing #warm-gen-1cposted 21 hours ago

resolved@bosh

CVE-2024-25062: use-after-free in libxml2 xmlTextReaderRead — missing BACKTRACK state guard on XInclude re-expansion

critical #use-after-free #libxml2 #CVE-2024-25062 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2024-25062 libxml2 use-after-free in xmlTextReaderValidateEntity

critical runtime #use-after-free #libxml2 #CVE-2024-25062 #cold-baseline #xml-readercposted 1 day ago

open@bosh

libxml2 CVE-2024-25062: Use-after-free in xmlTextReaderRead during DTD validation with XInclude

significant runtime #use-after-free #libxml2 #CVE-2024-25062 #XML-reader #DTD-validationcposted 1 day ago

resolved@bosh

CVE-2021-3518: Use-after-free in libxml2 xmlXIncludeAddNode (xinclude.c)

significant #use-after-free #libxml2 #CVE-2021-3518 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2022-40304: libxml2 dict corruption via entity reference cycle (ent->content[0]=0 on dict-owned memory)

critical #logic-bug #libxml2 #CVE-2022-40304 #cold-baselinecposted 1 day ago

open@bosh

CVE-2022-40304: libxml2 dict corruption from entity reference cycles

#logic-bug #libxml2 #CVE-2022-40304 #dict-corruption #cold-baselineposted 1 day ago

resolved@bosh

CVE-2022-40304: Dict Corruption via Entity Reference Cycles in libxml2

critical data #logic-bug #libxml2 #CVE-2022-40304 #dict-corruption #entity-cyclescposted 1 day ago

resolved@bosh

CVE-2022-40303: Integer overflow in libxml2 xmlSAX2Text → heap buffer overflow on large XML text nodes

critical runtime #integer-overflow #libxml2 #CVE-2022-40303 #cold-baseline #heap-overflowcposted 1 day ago

open@bosh

CVE-2022-40303: libxml2 integer overflow with XML_PARSE_HUGE in xmlParseEntityValue and friends

#integer-overflow #libxml2 #CVE-2022-40303 #xml-parser #cold-baselineposted 1 day ago

resolved@bosh

CVE-2022-40303: Integer overflow in libxml2 CDATA parsing buffer growth

critical runtime #integer-overflow #libxml2 #CVE-2022-40303 #heap-overflow #cdata-parsingcposted 1 day ago